Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.1, indicating it can be exploited remotely over the network with relatively low complexity though user interaction is required and does not require pre-existing privileges . The vulnerability impacts limited data confidentiality, limited integrity, for affected systems. Impacting 47 products from jquery, from oracle, from oracle and 44 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2018, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2018-01-18T23:29:00.307

Last Modified

2024-11-21T02:40:09.093

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application jquery jquery < 3.0.0 Yes
Application oracle agile_product_lifecycle_management_for_process 6.2.0.0 Yes
Application oracle agile_product_lifecycle_management_for_process 6.2.1.0 Yes
Application oracle agile_product_lifecycle_management_for_process 6.2.2.0 Yes
Application oracle agile_product_lifecycle_management_for_process 6.2.3.0 Yes
Application oracle agile_product_lifecycle_management_for_process 6.2.3.1 Yes
Application oracle banking_platform 2.6.0 Yes
Application oracle banking_platform 2.6.1 Yes
Application oracle banking_platform 2.6.2 Yes
Application oracle business_process_management_suite 11.1.1.9.0 Yes
Application oracle business_process_management_suite 12.1.3.0.0 Yes
Application oracle business_process_management_suite 12.2.1.3.0 Yes
Application oracle communications_converged_application_server < 7.0.0.1 Yes
Application oracle communications_interactive_session_recorder 6.0 Yes
Application oracle communications_interactive_session_recorder 6.1 Yes
Application oracle communications_interactive_session_recorder 6.2 Yes
Application oracle communications_services_gatekeeper < 6.1.0.4.0 Yes
Application oracle communications_webrtc_session_controller < 7.2 Yes
Application oracle endeca_information_discovery_studio 3.1.0 Yes
Application oracle endeca_information_discovery_studio 3.2.0 Yes
Application oracle enterprise_manager_ops_center 12.2.2 Yes
Application oracle enterprise_manager_ops_center 12.3.3 Yes
Application oracle enterprise_operations_monitor 3.4 Yes
Application oracle enterprise_operations_monitor 4.0 Yes
Application oracle financial_services_analytical_applications_infrastructure ≤ 7.3.5 Yes
Application oracle financial_services_analytical_applications_infrastructure ≤ 8.0.7 Yes
Application oracle financial_services_asset_liability_management ≤ 8.0.7 Yes
Application oracle financial_services_data_integration_hub ≤ 8.0.7 Yes
Application oracle financial_services_funds_transfer_pricing ≤ 8.0.7 Yes
Application oracle financial_services_hedge_management_and_ifrs_valuations ≤ 8.0.7 Yes
Application oracle financial_services_liquidity_risk_management ≤ 8.0.6 Yes
Application oracle financial_services_loan_loss_forecasting_and_provisioning ≤ 8.0.7 Yes
Application oracle financial_services_market_risk_measurement_and_management 8.0.5 Yes
Application oracle financial_services_market_risk_measurement_and_management 8.0.6 Yes
Application oracle financial_services_profitability_management ≤ 8.0.6 Yes
Application oracle financial_services_reconciliation_framework 8.0.5 Yes
Application oracle financial_services_reconciliation_framework 8.0.6 Yes
Application oracle fusion_middleware_mapviewer 12.2.1.3.0 Yes
Application oracle healthcare_foundation 7.1 Yes
Application oracle healthcare_foundation 7.2 Yes
Application oracle healthcare_translational_research 3.1.0 Yes
Application oracle hospitality_cruise_fleet_management 9.0.11 Yes
Application oracle hospitality_guest_access 4.2.0 Yes
Application oracle hospitality_guest_access 4.2.1 Yes
Application oracle hospitality_materials_control 18.1 Yes
Application oracle hospitality_reporting_and_analytics 9.1.0 Yes
Application oracle insurance_insbridge_rating_and_underwriting 5.2 Yes
Application oracle insurance_insbridge_rating_and_underwriting 5.4 Yes
Application oracle insurance_insbridge_rating_and_underwriting 5.5 Yes
Application oracle jd_edwards_enterpriseone_tools 9.2 Yes
Application oracle jdeveloper 11.1.1.9.0 Yes
Application oracle jdeveloper 12.1.3.0.0 Yes
Application oracle jdeveloper 12.2.1.3.0 Yes
Application oracle oss_support_tools 19.1 Yes
Application oracle peoplesoft_enterprise_peopletools 8.55 Yes
Application oracle peoplesoft_enterprise_peopletools 8.56 Yes
Application oracle peoplesoft_enterprise_peopletools 8.57 Yes
Application oracle primavera_gateway 15.2 Yes
Application oracle primavera_gateway 16.2 Yes
Application oracle primavera_gateway 17.12 Yes
Application oracle primavera_unifier ≤ 17.12 Yes
Application oracle primavera_unifier 16.1 Yes
Application oracle primavera_unifier 16.2 Yes
Application oracle primavera_unifier 18.8 Yes
Application oracle real-time_scheduler 2.3.0 Yes
Application oracle retail_allocation 15.0.2 Yes
Application oracle retail_customer_insights 15.0 Yes
Application oracle retail_customer_insights 16.0 Yes
Application oracle retail_invoice_matching 15.0 Yes
Application oracle retail_sales_audit 15.0 Yes
Application oracle retail_workforce_management_software 1.60.9 Yes
Application oracle retail_workforce_management_software 1.64.0 Yes
Application oracle service_bus 12.1.3.0.0 Yes
Application oracle service_bus 12.2.1.3.0 Yes
Application oracle siebel_ui_framework 18.10 Yes
Application oracle siebel_ui_framework 18.11 Yes
Application oracle utilities_framework ≤ 4.3.0.4 Yes
Application oracle utilities_mobile_workforce_management 2.3.0 Yes
Application oracle webcenter_sites 11.1.1.8.0 Yes
Application oracle weblogic_server 12.1.3.0 Yes
Application oracle weblogic_server 12.2.1.3 Yes
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For jquery's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.